David Cannings > HTTP-Sessioniser-0.05 > HTTP::Sessioniser

Download:
HTTP-Sessioniser-0.05.tar.gz

Dependencies

Annotate this POD

View/Report Bugs
Module Version: 0.05   Source  

NAME ^

HTTP::Sessioniser - Rebuild HTTP sessions from pcap streams

SYNOPSIS ^

  use HTTP::Sessioniser;

  # This will be called once per HTTP request/response pair
  sub my_callback {
    my ($request, $response, $info) = @_;

    # $request is HTTP::Request
    # $response is HTTP::Response
  }

  my $s = HTTP::Sessioniser->new();
  $s->parse_file('/path/to/file.pcap', \&my_callback);

DESCRIPTION ^

This module extracts HTTP sessions from pcap files with the help of Net::LibNIDS.

It will piece HTTP data back together and return a pair of HTTP::Request and HTTP::Response which correspond to one HTTP 'session'.

HTTP CONNECT sessions are dealt with specially: the first request/response pair will be returned as normal, subsequent requests will be skipped (as they do not contain HTTP requests or responses, only SSL data).

EXPORT

None by default.

Methods

new

  my $s = HTTP::Sessioniser->new();

Creates a new object.

parse_file

  $s->parse_file('/path/to/file.pcap', \&callback);

Parses a pcap file using libnids, rebuilding pairs of HTTP::Request and HTTP::Response. These will be passed to the callback function along with a hash of information about the current connection.

ports

  $s->ports( [ 80, 443, 8080, 3128 ] );
  my @p = $s->ports;

Set or return and array of ports we expect to see HTTP transmission on. The default set of ports is 80, 443, 8080 and 3128.

If you are looking for HTTP on other ports (e.g. proxying or application servers) then use this to set the filter appropriately.

add_port

  $s->add_port(8000);

Add one port to the filter list.

BUGS ^

This module does not support HTTP pipelining. It could be added if I find data which requires it.

SEE ALSO ^

HTTP::Parser - used to parse data into HTTP::Request or HTTP::Response objects

AUTHOR ^

David Cannings <david@edeca.net>

COPYRIGHT AND LICENSE ^

Copyright (C) 2010 by David Cannings

syntax highlighting: